Business Analyst – Third-Party Software Security Governance – Brussels

Business Analyst – Third-Party Software Security Governance – BrusselsA leading financial institution based in Brussels is looking for an experienced Business Analyst to help design and implement a new governance framework for managing the security of third-party software suppliers.This multi-year programme will strengthen the organisation’s ability to control and monitor software security across both on-premises and SaaS applications, ensuring compliance with internal standards and the upcoming DORA (Digital Operational Resilience Act) regulation.You’ll work closely with teams in IT, Risk, Security, and Supply Chain to define governance structures, document key processes, and coordinate the rollout of new reporting and monitoring capabilities across the organisation.RoleDesign governance structures (RACI, committees, target operating model) for managing supplier-related security activitiesDefine and document end-to-end processes for assessing and tracking software supplier securityContribute to the design of the data model and reporting framework supporting supplier and vulnerability managementReview incident and alert handling processes involving third-party software or cloud providersDefine controls, monitoring procedures, and response plans aligned with DORA and security best practicesCoordinate with stakeholders across multiple departments to align priorities and ensure consistent process adoptionBalance operational practicality with effective risk managementRequirementsProven experience in process design and documentation (BPMN or similar methodologies)Strong knowledge of IT governance frameworks (e.g. ITIL, COBIT) and security governance concepts (e.g. CISM)Experience designing target operating models and governance structures in large organisationsStrong coordination and communication skills, with the ability to engage stakeholders from multiple domainsBackground in IT risk, supplier governance, or security transformation projects is a strong plusAdditional DetailsSTART DATE: Q4 2025DURATION: Long-term assignment (design + deployment through 2026)CONTRACT: Freelance LOCATION: BrusselsONSITE POLICY: Hybrid – 8 days per month onsiteHOURS PER WEEK: Full-timeLANGUAGES: English (French/Dutch a plus)INTERVIEW PROCESS: 2 stages